Skip to content

September 9, 2017

Equifax tries to explain its response to a massive security breach

by John_A

A day after announcing that hackers stole personal information tied to 143 million people in the US, Equifax’s response to the breach has come under scrutiny. Language on the website where people could find out if they were affected seemed to say that by signing up they would waive any right to join a class action suit against the company — something New York Attorney General Eric Schneiderman said is “unacceptable and unenforceable.” The company has since explained it does not apply to the data breach at all, but that hasn’t stopped misinformation from spreading.

After conversations w my office, @Equifax has clarified its policy re: arbitration. We are continuing to closely review. pic.twitter.com/WcPZ9OqMcL

— Eric Schneiderman (@AGSchneiderman) September 8, 2017

Equifax:

In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,

Of course, considering the extent of what has leaked and the number of people affected, a hyperbolic reaction to anything surrounding this incident is understandable. Still, there are a few steps that people can and should take, now that we know someone has stolen more than enough information to perpetrate identity theft on a massive scale.

Now that the language has been clarified, it appears legally clear to use Equifax’s website to check things out. Among Engadget staff, a few of us received notices that we aren’t among those impacted, but most weren’t so lucky. Still, there are questions about how secure the site itself is, since it requests the last six digits of each person’ social security number (and guessing first three isn’t as hard as you might think). Also, it doesn’t appear to work particularly well, responding to test and “gibberish” input with a claim that it’s part of the breach also.

The best information on how to respond is available from the FTC. The government agency lays out solid next steps, like checking your credit report for any suspicious entries, as well as placing a freeze (there’s more advice on that here) and/or fraud alert on your account with the major credit bureaus. This will make it harder for a thief to create a fake account for you and should force creditors to verify your identity. Finally, it’s important to file your taxes early, before a scammer potentially can.

Source: Equifax, FTC

Advertisements
Read more from News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: